fortra · p0rtL6 · Oct 23, 2024 · Oct 23, 2024 · Oct 23, 2024 · Oct 23, 2024
diff --git a/README.md b/README.md
@@ -1,6 +1,27 @@
 Impacket
 ========
 
+Windows Branch
+-----------------------
+
+This branch contains modifications to make impacket examples work on Windows as
+well as adding a helpful installer to build examples into standalone binaries.
+
+**To build a tool into an executable:**
+> You may have to disable Windows AV
+
+Download `impacket-installer.ps1` and run the script as administrator in Powershell.
+
+```
+Set-ExecutionPolicy -ExecutionPolicy Bypass -Scope Process
+impacket-exe-installer.ps1 --help
+```
+
+> Use Ctrl+Pause/Break to exit scripts.
+
+Original README
+---
+
 [![Latest Version](https://img.shields.io/pypi/v/impacket.svg)](https://pypi.python.org/pypi/impacket/)
 [![Build and test Impacket](https://github.com/fortra/impacket/actions/workflows/build_and_test.yml/badge.svg)](https://github.com/fortra/impacket/actions/workflows/build_and_test.yml)
 

diff --git a/examples/dcomexec.py b/examples/dcomexec.py
@@ -207,6 +207,10 @@ def run(self, addr, silentCommand=False):
 
 class RemoteShell(cmd.Cmd):
     def __init__(self, share, quit, executeShellCommand, smbConnection, shell_type, silentCommand=False):
+
+        import readline
+        readline.backend = 'readline'
+
         cmd.Cmd.__init__(self)
         self._share = share
         self._output = '\\' + OUTPUT_FILENAME

diff --git a/examples/goldenPac.py b/examples/goldenPac.py
@@ -304,6 +304,10 @@ def run(self):
 
 class RemoteShell(cmd.Cmd):
     def __init__(self, server, port, credentials, tid, fid, TGS, share):
+
+        import readline
+        readline.backend = 'readline'
+
         cmd.Cmd.__init__(self, False)
         self.prompt = '\x08'
         self.server = server

diff --git a/examples/mimikatz.py b/examples/mimikatz.py
@@ -46,6 +46,10 @@
 
 class MimikatzShell(cmd.Cmd):
     def __init__(self, dce):
+
+        import readline
+        readline.backend = 'readline'
+
         cmd.Cmd.__init__(self)
         self.shell = None
 

diff --git a/examples/ntfs-read.py b/examples/ntfs-read.py
@@ -993,6 +993,10 @@ def getINode(self, iNodeNum):
 
 class MiniShell(cmd.Cmd):
     def __init__(self, volume):
+
+        import readline
+        readline.backend = 'readline'
+
         cmd.Cmd.__init__(self)
         self.volumePath = volume
         self.volume = NTFS(volume)

diff --git a/examples/ntlmrelayx.py b/examples/ntlmrelayx.py
@@ -40,6 +40,7 @@
 import sys
 import logging
 import cmd
+
 try:
     from urllib.request import ProxyHandler, build_opener, Request
 except ImportError:
@@ -50,6 +51,8 @@
 from time import sleep
 from threading import Thread
 
+import pydivert
+
 from impacket import version
 from impacket.examples import logger
 from impacket.examples.ntlmrelayx.servers import SMBRelayServer, HTTPRelayServer, WCFRelayServer, RAWRelayServer
@@ -61,6 +64,10 @@
 
 class MiniShell(cmd.Cmd):
     def __init__(self, relayConfig, threads, api_address):
+
+        import readline
+        readline.backend = 'readline'
+
         cmd.Cmd.__init__(self)
 
         self.prompt = 'ntlmrelayx> '
@@ -236,6 +243,14 @@ def start_servers(options, threads):
             continue
 
         elif server is SMBRelayServer:
+            if options.smb_port == 445:
+                print("[*] SMB Server port set to 445 - redirecting to port 4445")
+                redirect_thread = Thread(target=redirect_smb_packets)
+                redirect_thread.start()
+                threads.add(redirect_thread)
+
+                options.smb_port = 4445
+
             c.setListeningPort(options.smb_port)
         elif server is WCFRelayServer:
             c.setListeningPort(options.wcf_port)
@@ -258,6 +273,16 @@ def stop_servers(threads):
         threads.remove(thread)
         del thread
 
+def redirect_smb_packets():
+    with pydivert.WinDivert("tcp.DstPort == 445 or tcp.SrcPort == 4445") as w:
+        for packet in w:
+            if packet.dst_port == 445 and packet.is_inbound:
+                packet.dst_port = 4445
+            if packet.src_port == 4445 and packet.is_outbound:
+                packet.src_port = 445
+            w.send(packet)
+
+
 # Process command-line arguments.
 if __name__ == '__main__':
 

diff --git a/examples/psexec.py b/examples/psexec.py
@@ -470,6 +470,10 @@ def run(self):
 
 class RemoteShell(cmd.Cmd):
     def __init__(self, server, port, credentials, tid, fid, share, transport):
+
+        import readline
+        readline.backend = 'readline'
+
         cmd.Cmd.__init__(self, False)
         self.prompt = '\x08'
         self.server = server

diff --git a/examples/raiseChild.py b/examples/raiseChild.py
@@ -342,6 +342,10 @@ def run(self):
 
 class RemoteShell(cmd.Cmd):
     def __init__(self, server, port, credentials, tid, fid, TGS, share):
+
+        import readline
+        readline.backend = 'readline'
+
         cmd.Cmd.__init__(self, False)
         self.prompt = '\x08'
         self.server = server

diff --git a/examples/smbexec.py b/examples/smbexec.py
@@ -174,6 +174,10 @@ def run(self, remoteName, remoteHost):
 
 class RemoteShell(cmd.Cmd):
     def __init__(self, share, rpc, mode, serviceName, shell_type):
+
+        import readline
+        readline.backend = 'readline'
+
         cmd.Cmd.__init__(self)
         self.__share = share
         self.__mode = mode

diff --git a/examples/sniff.py b/examples/sniff.py
@@ -28,7 +28,19 @@
 #   ImpactDecoder
 #
 
+import os
 import sys
+import subprocess
+
+try:
+    if not "RUNNING" in subprocess.run(['sc', 'query', 'npcap'], stdout=subprocess.PIPE, stderr=subprocess.PIPE).stdout.decode():
+        raise
+except:
+    print("Npcap not found. Running installer.")
+    installer_path = os.path.join(sys._MEIPASS, 'npcap.exe')
+    subprocess.run(installer_path, check=True)
+
+
 from threading import Thread
 import pcapy
 from pcapy import findalldevs, open_live

diff --git a/examples/split.py b/examples/split.py
@@ -23,10 +23,22 @@
 #   pcapy: open_offline, pcapdumper
 #   ImpactDecoder
 #
-
 from __future__ import division
 from __future__ import print_function
+
+
+import os
 import sys
+import subprocess
+
+try:
+    if not "RUNNING" in subprocess.run(['sc', 'query', 'npcap'], stdout=subprocess.PIPE, stderr=subprocess.PIPE).stdout.decode():
+        raise
+except:
+    print("Npcap not found. Running installer.")
+    installer_path = os.path.join(sys._MEIPASS, 'npcap.exe')
+    subprocess.run(installer_path, check=True)
+
 import pcapy
 from pcapy import open_offline
 

diff --git a/examples/wmiexec.py b/examples/wmiexec.py
@@ -123,6 +123,10 @@ def run(self, addr, silentCommand=False):
 
 class RemoteShell(cmd.Cmd):
     def __init__(self, share, win32Process, smbConnection, shell_type, silentCommand=False):
+
+        import readline
+        readline.backend = 'readline'
+
         cmd.Cmd.__init__(self)
         self.__share = share
         self.__output = '\\' + OUTPUT_FILENAME

diff --git a/examples/wmiquery.py b/examples/wmiquery.py
@@ -43,6 +43,10 @@
 
     class WMIQUERY(cmd.Cmd):
         def __init__(self, iWbemServices):
+
+            import readline
+            readline.backend = 'readline'
+
             cmd.Cmd.__init__(self)
             self.iWbemServices = iWbemServices
             self.prompt = 'WQL> '